If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

This thread brings to mind a cat I used to know who lived in the 'hood. He drove a beater (an old car) and always left it unlocked. He explained to me thieves would find a way to break in, so why secure the car so it got tore up? Of course, he kept nothing of value in the car.

Me? I always got something of value in my trunk: tools, a laptop, a change of clothes, my gymbag. No way I'd leave my old beater unlocked.

Well my philosophy on security .......it all depends on the environment the systems are in, the data and risks involved.......without affecting the functionality of access to data and services required by the users

My home securty is much different the the businesses I work in....and the businesses vary greatly also

I am by no means a security professional...but I feel I have a good understanding of general security practices....and try and train the users in good security practices

Personally...I dont use auto logon....yes it is basic...but it stops someone from wiggling the mouse and accessing my account and data....whether it be at work or at home....

That is my point.........

MLF

How people treat you is their karma- how you react is yours-Wayne Dyer

Originally posted here by morganlefay Well my philosophy on security .......it all depends on the environment the systems are in, the data and risks involved.......without affecting the functionality of access to data and services required by the users

My home securty is much different the the businesses I work in....and the businesses vary greatly also

I am by no means a security professional...but I feel I have a good understanding of general security practices....and try and train the users in good security practices

Personally...I dont use auto logon....yes it is basic...but it stops someone from wiggling the mouse and accessing my account and data....whether it be at work or at home....

That is my point.........

MLF

If that's your point then admit it's nothing more than security through obscurity and I'll agree with you... because once again you've basically admitted that...

devpon: Again...I'm not talking individual situtations.. if people raise their children so that they can't trust them... that's their way of raising their kids and it's not my place to make statements on that... I've never had issue with MLF.. My entire argument has been against brokencrow's initial argument which was generic and so my argument as been generic there may be specific cases.. but in the end it's security through obscurity and has nothing to do with being hacked... It may affect what your kids read.. (Why are you raising nosey brats then) but it doesn't affect if you're hacked or not... because as I keep saying it's SECURITY THROUGH OBSCURITY something that normally the members of this site would frown upon... but today you all seem to support it..

brokencrow: this is nothing the same.. you lock your car doors so insurance will cover a claim... not because it keeps your car from being stolen... a lock has never kept someone from stealing a car... So comparing auto login to a locked car door... quite different..

Peace,
HT

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Originally posted here by morganlefay It is obvious that you dont have children.

.......post back in 20 years and we will chat

Children by nature...are curious to say the least...

RANT&gt;

I dont know who the feck you think you are calling my children "nosey brats"

Grow the feck up....you obviously have no fricken idea about kids....

My kids dont have a clue on how to slave a fricken harddrive in a machine.......or use a knopix boot disk.........so stfu

security......by obscurity.......pffffffftttt

&lt;RANT OVER

MLF

How do you know.... many parents would say that about their kids when it isn't true... It is nothing more than security through obscurity...

Also I was addressing devpon when I mentioned nosey brats.. not you.. but to me.. if a kid is snooping on a PC.. that's what they are...

but we could have a new thread on kids and PCs and my thoughts... and why parents are to blame for more than half of the pedaphiles that are successful and so forth... which I'd be glad to do at some point.. but that should prolly be a cosmo's type conversion..

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

I don't quite agree with brokencrow's statement but I also don't quite agree with your statements HT... I don't think autologin is evil, and I understand it is security through obscurity, and yes I frown upon it, but security through obscurity is better then no security at all... Your comments suggest otherwise...

How about this scenario:

A friend of your's comes over to your house and he brings one of his friends (who you do not know) over with him. After your friend introduces you to this other individual, you head to the bathroom for 2 minutes (or whatever happens to shift your attention away from this person). This person finds your computer and can access all your data and steal it because auto login is enabled. Do you think this person would be able to do this in 2 minutes if auto login wasn't enabled? No... And what are the odds that this guy is a computer genius that carries boot disks with him everywhere he goes?

Simple scenario but this could happen, and in this scenario, basic security would prevail...

Originally posted here by The Duck I don't quite agree with brokencrow's statement but I also don't quite agree with your statements HT... I don't think autologin is evil, and I understand it is security through obscurity, and yes I frown upon it, but security through obscurity is better then no security at all... Your comments suggest otherwise...

How about this scenario:

A friend of your's comes over to your house and he brings one of his friends (who you do not know) over with him. After your friend introduces you to this other individual, you head to the bathroom for 2 minutes (or whatever happens to shift your attention away from this person). This person finds your computer and can access all your data and steal it because auto login is enabled. Do you think this person would be able to do this in 2 minutes if auto login wasn't enabled? No... And what are the odds that this guy is a computer genius that carries boot disks with him everywhere he goes?

Simple scenario but this could happen, and in this scenario, basic security would prevail...

As said before, not everyone is the great HTRegz or the great Duck

So same situtation... I'm on my computer (no auto login).. friend comes over with a buddy... I get up and go to the bathroom and don't lock my computer / log out... Same thing will happen.. Which is what's most likely... most people dont know how to lock their computers and wouldn't even think of it... so auto-login really doesn't come into play..

If you have roommates then I'd say yeah turn it on (college dorm type setting) but in my own home.. I don't need it... As I said... I can see uses for it for certain individuals... but brokencrows statement is wrong, incorrect and not close to the truth...as it is nothing more than security through obscurity... not this great end-all that he thinks it is.. security through obscurity is obviously better than nothing but 99% of the time on this site we preach against relying on security through obscurity... yet people here are saying they do rely on it..

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Having read the various comments, I would say that you are all demonstrating the "horses for courses" concept?

It all depends on what you are doing, and the environment you are doing it in, does it not?

HT~ said:

We're not talking about corporate machines, we're talking home computers.. Auto-login would be stupid in a corporate environment but it's fine in a home situtation.

I can relate to that, as I have three machines (functional, but discrete ) in this room........... this is a Win 2000 Pro, another is an XP Pro and the third is a Win ME. The two NT based systems require ctrl + alt + del to get a login screen, which then needs a user and a long password. The only reason is because that is how you are supposed to set them up. The ME box is your normal 9x setup and does not have a password.

Physically, they have identical security........... they don't have anything particularly personal or valuable on them........ my tax returns? ............ you didn't know I was such an accomplished fiction author did you?

I believe that this is the kind of environment that HT~ was referring to?

On the other hand, Morgana~ raises an interesting issue, because she has an environment where the computing resources are shared. This requires user profiles to differentiate between multiple users. Not so much for security, more as to prevent stuff getting accidentally screwed up?

This was the intention of the original Windows home "security". A secure physical environment was assumed, and the system merely separated multiple users.

I do have some software that creates a hidden partition/drive that requires up to 4 passwords to mount and decrypt. That would keep your average kid out of it, I would have thought?

nihil: I agree with most of what you said, however.. "that would keep your average kid out" I hope isn't your line of thinking in the corporate environment, is it? In a home setting, that MIGHT pass.. however in the corporate world (especially our field) that line of thinking doesn't fly.. Just so I know we're on the same page here..

SECURITY THROUGH OBSCURITY something that normally the members of this site would frown upon... but today you all seem to support it..

End of discussion, Thread Should Be Closed.. =] Regardless though, thats the case..